US Higher Education Root CA (USHER) Update. Fed/Ed Meeting, December 14, 2005. Jim Jokl, University of Virginia.


Slide 1: US Higher Education Root CA (USHER) Update
Fed/Ed Meeting, December 14, 2005
Jim Jokl, University of Virginia

Slide 2: USHER - US Higher Education Root CA
- Philosophy
  - Lots of discussions about the needs of our community
  - Eventual decision to implement what we call USHER-Basic first
  - A different version of USHER may appear in the future to support applications that require higher levels of assurance

Slide 3: USHER Basic Summary
- Purpose: facilitate inter-institutional use of campus issued PKI credentials
- USHER-Basic target
  - Campuses that operate their PKI infrastructure at the same LOA as their common password-based systems
    - Email, scheduling, and commodity computing, etc.
- The USHER CA itself will operate at a relatively high level of assurance

Slide 4: PKI Applications
- USHER was designed with some of these example applications in mind
  - LionShare
  - Grids (Globus toolkit)
  - Electronic mail (S/MIME)
  - VPN (IPSec), Wireless (EAP-TLS), & SSH authentication
  - Web authentication

Slide 5: Expected Practices
- When campuses join USHER, they are expected to adhere to a set of “Expected Practices”
  - Will operate their PKI using processes that are at least as strong as how they manage accounts for email and calendaring
  - Campuses may issue certificates to anyone affiliated with their institution – the campus definition of affiliation applies

Slide 6: Expected Practices
- The campus will actively maintain all services that are implied in their certificates, e.g.,
  - CRLs
  - Policy and practices if Policy OID is present
- Campuses will not join USHER if they cannot or will not meet the expected practices
- Expected practices are still being finalized

Slide 7: CA/RA Process
- Signed Participation Agreement
  - Signed by a campus official authorized to commit the university
  - Designates the operational campus entity
  - A strong process similar to the one that was used by CREN is used to validate the campus operator and establish a secure communications channel
  - The campus generates a request which is then signed by the USHER CA

Slide 8: USHER: Some Q&A
- Can a campus have multiple USHER CAs?
  - Yes, and some may do this for organizational reasons
  - Also, one campus USHER CA can issue an Authority Certificate to another as long as this is consistent with existing campus ID management practices
- Eligibility
  - US Higher Education Institutions
  - Other entities sponsored by a US Higher Education member

Slide 9: USHER: Some Q&A
- What is the minimum LOA that a relying party can assume?
  - A campus official designated a campus organization to operate the USHER CA
  - USHER used a strong process to validate the organization and establish a secure communications channel
  - The USHER CA signs campus authority certificates using a strong technical process

Slide 10: PKI and USHER/HEBCA
- (How) do all of these PKI pieces fit together?
  - USHER – US Higher Education Root CA
  - HEBCA – Higher Education Bridge CA
  - Campus Certification Authorities
  - EDUCAUSE contract for outsourced certificates
- What should a campus be doing?
- Where’s the glue?

Slide 11: A Higher-level View of Inter-organizational Trust
[Diagram labels: FBCA HEBCA SAFE Commercial Others Campus CA Educause Verisign CA USHER CA Campus CA Campus Users]

Slide 12:
- Thank you
- Questions/Discussion

